Device and method for controlling an authentication in a telecommunications network

ABSTRACT

The invention relates to a device and a method for controlling an authentication in a telecommunications network, using a subscriber connection device for connecting a user region to an exchange by means of an external data transmission interface and for implementing an internal data transmission interface in the user region, the external data transmission interface comprising at least one authentication channel. A control unit is used to monitor switched data traffic on the external and/or internal data transmission interface and controls respective logon/logoff processes in the authentication channel to an internet service provider, according to the monitored switched data traffic.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is the US National Stage of International Application No. PCT/DE03/03285, filed Oct. 2, 2003 and claims the benefit thereof. The International Application claims the benefits of German application No. 10247139.8 DE filed Oct. 9, 2002, both of the applications are incorporated by reference herein in their entirety.

FIELD OF INVENTION

The invention relates to a device and a method for controlling an authentication in a telecommunications network, in particular to a device and a method for automatic logon/logoff to an internet service provider via an xDSL modem.

BACKGROUND OF INVENTION

With a conventional telecommunications network, a customer premises equipment (CPE) is normally connected via a telephone terminal device to a public or private telephone network and to an exchange located within same. In this way, a voice and/or data link to a further customer premises equipment and a telecommunication terminal located within it can be established via this exchange or a number of additional exchanges. Furthermore, not only can other customer premises equipment be connected by means of exchanges of this kind, but increasingly also Internet service providers (ISP), such as are found on the Internet, can also be connected.

In the Siemens Switching System EWSD (Electronic Digital Switching System) a number of data transmission procedures, such as an analog data transmission using the traditional analog telephone service POTS (Plain Old Telephone Service), in accordance with ISDN (Integrated Services Digital Network) and also with the xDSL standard (Digital Subscriber Line) can be carried out via Line Cards (LC). The telephone terminal devices used in the customer premises equipment are usually in the form of plug-in cards such as PCI-NIC or external equipment with a USB (Universal Serial Bus) or 10-T interface.

Particularly with a connection setup between a customer premises equipment and an Internet service provider (ISP) such as is realized when surfing the Internet or sending an e-mail, an authentication that enables charging according to the service and prevents unauthorized access to the network, is required in addition to setting up a physical data transmission interface or physical data transmission channel.

An authentication in this case means a logon/logoff procedure that determines and checks both the authenticity and the origin of the transmission of information. An identification or identifier and an additional password are basically used for this purpose.

Up to now the authentication, and thus also the start of charging, begins with the connection setup between the subscriber terminal device of a customer premises equipment and the exchange or Internet service provider (ISP) connected to it. Checking the subscriber terminal device for the user was thus less convenient, and this also resulted in higher charges even if a corresponding Internet service was not used.

SUMMARY OF INVENTION

The object of the invention is therefore to provide a device and a method for controlling an authentication in a telecommunications network, that results in an improved usability and reduction in costs.

In accordance with the invention, this object, with regard to the device and method, is achieved by the features of independent claims.

In particular by the use of a control unit to monitor data traffic on the external data transmission interface and/or of one for data traffic on the internal data transmission interface meant for the external data transmission interface, and for controlling logon/logoff procedures in an authentication channel of the external data transmission interface depending on the monitored data traffic, a connection to the Internet service provider is automatically established or an authentication performed, provided data to be transmitted or received is present in the customer premises equipment, whereas if there are faults in such data a connection to the Internet service provider is automatically discontinued. Usability is thus substantially simplified, whereby, in particular, the costs can be reduced to the actual charges necessary.

Advantageously, the control unit monitors the data traffic in a predetermined time window, whereby connection setups or cleardowns that occur too frequently are prevented via the authentication channel or authentication protocol, thus resulting in an effective time saving.

Preferably, downstream data traffic is monitored on the external data transmission interface and/or upstream data traffic is monitored on the internal data transmission interface, which means that a connection setup or cleardown can be further optimized with regard to time delays.

Preferably, a physical data transmission channel of the external data transmission interface can always be activated independent of the control unit, such as for example is realized in xDSL modems, whereby this physical data transmission channel can be controlled, i.e. a setup or cleardown performed, depending on the data traffic.

BRIEF DESCRIPTION OF THE DRAWINGS

Further advantageous embodiments of the invention are given in the further claims. The invention is explained in more detail in the following using exemplary embodiments and with reference to drawings.

These are as follows:

FIG. 1 A simplified block diagram of a telecommunications network with a device for controlling authentication in accordance with a first exemplary embodiment; and

FIG. 2 A simplified block diagram of a telecommunications network with a device for controlling an authentication in accordance with a second exemplary embodiment.

DETAILED DESCRIPTION OF INVENTION

FIG. 1 shows a simplified block diagram of a telecommunications network with a device for controlling an authentication in accordance with a first exemplary embodiment.

In accordance with FIG. 1, a customer premises equipment 2 (CPE) has a subscriber terminal device 1 that is connected via an internal data transmission interface LAN (local area network) with a data processing unit 5 (personal computer PC). With the preferred exemplary embodiment shown in FIG. 1, the subscriber terminal device 1 is an xDSL modem (x digital subscriber line) as is known for realizing data transmissions with a higher bandwidth on conventional ISDN lines. Accordingly, the subscriber terminal device 1 realizes an external data transmission interface WAN (wide area network CO) in the direction of an exchange 3 (central office, CO), that in addition to a physical data transmission layer or the physical DSL data transmission channel (layer 1) also has an authentication channel in a higher layer (layer 1+n) of the ISO layer model.

In the authentication channel, that essentially serves for the transmission of information that specifies an authenticity and an origin of the information, authentication protocols such as the point-to-point protocol (PPP) or the point-to-point protocol over Ethernet (PPPoE) are used for authentication. This means that a logon or logoff at an Internet service provider (ISP) 6 that is also switched to the exchange 3 can thus be carried out.

To realize a terminal device at the exchange end, the exchange or switching system 3 has a line card 3A for this subscriber terminal and, preferably, an xDSL Line Card (sDSL-LC) for connecting the customer premises area 2 via an ISDN two-wire line.

The data streams transmitted on the external data transmission interface WAN are normally designated as upstream data or upstream data traffic DUe (data upstream external) in an upstream direction or towards the exchange 3 and as downstream data or downstream data traffic DDe (data downstream external) in the direction of the customer premises equipment 2. Similarly, the designators DUi (data upstream internal) and DDi (data downstream internal) designate particular upstream or downstream data on the internal data transmission interface LAN.

For automatic control of the logon/logoff procedures in the authentication channel, a control unit 4 is at this point used in the customer premises equipment 2, that on one hand monitors the data traffic Te (traffic external) on the external data transmission interface WAN and/or data traffic Ti (traffic internal) on the internal data transmission interface LAN meant for the external data transmission interface WAN. To be more exact, this means that the amount of ATM (asynchronous transfer mode) cells on the external data transmission interface WAN or of IP packets (Internet protocol) on the internal data transmission interface LAN can be monitored, whereby particularly where an xDSL modem is used as the subscriber terminal device 1, this kind of monitoring is particularly easy to realize.

By using this data corresponding to the monitored data traffic Te and Ti on the external and internal data transmission interfaces, control of the subscriber terminal device 1 by a control signal S is achieved, whereby, in particular, the logon/logoff procedures in the authentication channel can be influenced.

More exactly, the connection to the Internet service provider 6 in the authentication channel is automatically disconnected or interrupted if no data traffic takes place from the external to the internal or from the internal data transmission interface LAN to the external data transmission interface WAN. On the other hand, a connection to the Internet service provider 6 is automatically restored via the authentication channel or the authentication protocols PPP or PPPoE, if data traffic takes place from the internal data transmission interface LAN to the external data transmission interface WAN.

Although at present with xDSL modems it is not possible to activate the external data transmission interface WAN from the exchange end, such an activation is in principle conceivable, and therefore also data traffic from the external data transmission interface WAN to the internal data transmission interface LAN can be monitored for the connection setup in the authentication channel. To adapt the particular reaction times of particular Internet service providers 6 and to avoid unnecessary logon/logoff operations in the authentication channel, the monitoring of the data traffic on the internal and/or external data transmission interface LAN and/or WAN can advantageously be carried out in a predetermined time window. In this case, the data traffic Te and/or Ti is monitored on both interfaces WAN and LAN for a predetermined time period, whereby a logoff procedure is automatically carried out in the authentication channel if no data traffic or no data is detected within the predetermined time period.

Furthermore, the control unit 4 can, for example, monitor only the downstream data traffic DDe on the external data transmission interface WAN and/or the upstream data traffic DUi on the internal data transmission interface LAN, because these data streams are in any case forwarded through the subscriber terminal device 1 in the downstream direction or upstream direction and thus a shortening of the reaction times for the logon/logoff procedure in the authentication channel is enabled.
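
The logon/logoff control described above, sketched as a small Python simulation (an added example, not part of the patent text). The class and function names, the 30-second window and the traffic trace are constructed assumptions, and the recorded "logon"/"logoff" actions stand in for the PPP/PPPoE exchange in the authentication channel.

```python
from dataclasses import dataclass, field

# Stream names follow the description: DUi is upstream traffic on the internal
# LAN interface, DDe is downstream traffic on the external WAN interface.
MONITORED = {"DUi", "DDe"}


@dataclass
class ControlUnit:
    idle_window: float            # predetermined time window in seconds (assumed value)
    logged_on: bool = False
    last_traffic: float = 0.0
    actions: list = field(default_factory=list)   # (time, "logon" | "logoff")

    def tick(self, now):
        """Timer check: log off once no traffic was seen for a full window."""
        if self.logged_on and now - self.last_traffic >= self.idle_window:
            self.logged_on = False
            # The timer expires exactly one window after the last traffic.
            self.actions.append((self.last_traffic + self.idle_window, "logoff"))

    def observe(self, now, stream, units):
        """Feed one counter sample (ATM cells or IP packets seen on a stream)."""
        self.tick(now)
        if stream not in MONITORED or units <= 0:
            return
        if self.logged_on:
            self.last_traffic = now      # any monitored traffic keeps the session
        elif stream == "DUi":
            # Only LAN-to-WAN traffic starts a session; the description notes
            # that present xDSL modems cannot be activated from the exchange end.
            self.logged_on = True
            self.last_traffic = now
            self.actions.append((now, "logon"))


def run(trace, idle_window, end):
    """Replay a trace, then let the idle timer run until time `end`."""
    unit = ControlUnit(idle_window)
    for now, stream, units in trace:
        unit.observe(now, stream, units)
    unit.tick(end)
    return unit.actions


def authenticated_seconds(actions):
    """Total time between each logon and the logoff that follows it."""
    times = [t for t, _ in actions]
    return sum(off - on for on, off in zip(times[0::2], times[1::2]))


# Constructed trace: (time in s, stream, units counted in that sample).
TRACE = [(0.0, "DUi", 3), (2.0, "DDe", 10), (5.0, "DDe", 4),
         (40.0, "DUi", 1), (41.0, "DDe", 2), (50.0, "DDi", 7)]

if __name__ == "__main__":
    acts = run(TRACE, idle_window=30.0, end=100.0)
    print(acts, authenticated_seconds(acts))
```

With this trace the session is authenticated for 66 of the 100 simulated seconds; a shorter window lowers that figure but produces more logon/logoff exchanges, which is the trade-off the predetermined time window is meant to tune.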

Data transmission according to the ITU G.992.1 (G.DMT) or ITU G.992.2 (G.Lite) is preferably carried out on the external data transmission interface, with the internal interface LAN being operated using the RFC 1483 (Ethernet over AAL5) or RFC 1577 (IP over AAL5) protocols. With data transmission standards of protocols of this kind, it is particularly easy to implement the aforementioned control of the authentication channel.

As shown in FIG. 1, in the customer premises equipment 2 a data processing unit 5 is switched via an external modem 1 to the exchange 3. In the same way, however, subscriber terminal devices in the form of plug-in cards such as PCI-NIC can also be used for other terminals. Similarly, external modem devices or subscriber terminal devices with, for example, a USB or 10B-T interface can also be used in the customer premises equipment.

With regard to the layer 1 connection setup or the connection setup of a physical data transmission layer or of the physical data transmission channel, such as is realized as a DSL layer by an xDSL modem, it can be seen that this data transmission channel of the external data transmission layer WAN is normally always active, i.e. it can in accordance with the invention basically always transmit data to the exchange 3, regardless of the control unit 4.

In principle, however, subscriber terminal devices are also conceivable that have no permanently active transmission state of this kind and accordingly are also controlled relative to the monitored data traffic Ti and/or Te of the internal and/or external data transmission interface LAN and WAN. The costs for the network operator can also be reduced in this way, but this would, however, result in increased delay times because of the physical connection setup and cleardown.

FIG. 2 shows a simplified section view of a telecommunications network with a device for controlling an authentication in accordance with a second exemplary embodiment, with the same reference characters being used to designate the same or corresponding elements and description repetition thus being omitted.

In accordance with FIG. 2, the customer premises equipment 2 can also have a number of data processing units 50 to 5X (personal computers PC) as terminals, that are connected to each other via a connection unit 7 and the internal data transmission interface LAN and to the subscriber terminal 1. The connecting unit 7 in this case can be a “hub” or similarly can also be a “switch”, with different configurations being realizable within the customer premises equipment 2.

This enables not only individuals but also a number of users to access an Internet service provider 6 via a single subscriber terminal device 1, in a particularly simple and inexpensive manner.

The invention has been described in the foregoing using a wired xDSL modem as a subscriber terminal device and a WAN data transmission interface and a LAN data transmission interface for the external and internal data communication. It is, however, not limited to this and in a similar manner can include cordless or wireless applications in which both the internal transmission data interface and also an external data transmission interface are at least partially realized via a radio interface. The types of line cards of connection interfaces 3A shown in FIGS. 1 and 2 are in this case replaced by corresponding radio terminals.

Similarly, the public switching shown can also be realized by private switching, with it being possible for the private exchange to be switched at the exchange end to a public exchange.

1-15. (canceled)

16. A device for controlling an authentication in a telecommunications device, comprising: a subscriber terminal device in a customer premises equipment; a connection connecting the subscriber terminal device to an exchange via an external data transmission interface having a physical data transmission channel and an authentication channel; an internal data transmission interface operatively connected to the customer premises equipment; and a control unit for monitoring data traffic and for controlling logon and logoff procedures in the authentication channel based on the monitored data traffic, the data traffic selected from the group consisting of traffic on the external data transmission interface, upstream traffic on the internal data transmission interface, and combinations thereof.

17. The device according to claim 16, wherein the control unit monitors the data traffic for a duration of time.

18. The device according to claim 17, wherein the logoff procedure is carried out in the authentication channel if data or the data traffic is not detected within the duration of time.

19. The device according to claim 16, wherein the data traffic on the external data transmission is monitored in a downstream direction.

20. The device according to claim 16, wherein the subscriber terminal device includes an xDSL modem.

21. The device according to claim 16, wherein the external data transmission interface is embodied in accordance with the ITU G.992.1 standard.

22. The device according to claim 16, wherein the external data transmission interface is embodied in accordance with the ITU G.992.2 standard.

23. The device according to claim 16, wherein the authentication channel has an authentication protocol embodied in accordance with a point-to-point protocol.

24. The device according to claim 16, wherein the authentication channel has an authentication protocol embodied in accordance with a point-to-point over Ethernet protocol.

25. The device according to claim 16, wherein the internal data transmission interface is connected to a data processing unit in the customer premises equipment.

26. The device according to claim 16, wherein the control unit controls the physical data transmission channel based on the monitored data traffic.

27. The device according to claim 16, wherein the data transmission channel of the external data transmission interface is active.

28. The device according to claim 16, wherein internal data transmission interface is within the customer premises equipment.

29. A method for controlling an authentication in a telecommunications network, comprising: providing an external data transmission interface having a physical data transmission channel and an authentication channel; monitoring a data traffic selected from the group comprising of data on the external data transmission interface, downstream data on an internal data transmission interface, and combinations thereof, and controlling logon/logoff procedures in the authentication channel based on the monitored data traffic.

30. The method according to claim 29, wherein the data traffic is monitored for a specified duration of time.

31. The method according to claim 29, wherein a downstream of the external data transmission interface is monitored.

32. The method according to claim 29, wherein the subscriber terminal device includes an xDSL modem and the external data transmission interface transmits data embodied in accordance with the ITU G.992.1 standard or the ITU G.992.2 standard.

33. The method according to claim 29, further comprising controlling the physical data transmission channel of the external data transmission interface based on the monitored data traffic.

34. The method according to claim 29, wherein the data transmission is active.